Amazon web services 我是。在web中实施MFA,但不在CLI中实施
希望缓慢地迁移用户,并想知道是否可以只在web UI中启用MFA,而不在CLI中启用 我有以下内容允许用户设置MFAAmazon web services 我是。在web中实施MFA,但不在CLI中实施,amazon-web-services,amazon-iam,Amazon Web Services,Amazon Iam,希望缓慢地迁移用户,并想知道是否可以只在web UI中启用MFA,而不在CLI中启用 我有以下内容允许用户设置MFA { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAllUsersToListAccounts", "Effect": "Allow",
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAllUsersToListAccounts",
"Effect": "Allow",
"Action": [
"iam:ListUsers",
"iam:ListAccountAliases"
],
"Resource": "arn:aws:iam::*:user/*"
},
{
"Sid": "AllowIndividualUserToSeeTheirAccountInformation",
"Effect": "Allow",
"Action": [
"iam:GetLoginProfile",
"iam:GetAccountSummary",
"iam:GetAccountPasswordPolicy"
],
"Resource": "arn:aws:iam::470196620241:user/${aws:username}"
},
{
"Sid": "AllowIndividualUserToListTheirMFA",
"Effect": "Allow",
"Action": [
"iam:ListVirtualMFADevices",
"iam:ListMFADevices"
],
"Resource": [
"arn:aws:iam::470196620241:user/${aws:username}",
"arn:aws:iam::470196620241:mfa/*"
]
},
{
"Sid": "AllowIndividualUserToManageThierMFA",
"Effect": "Allow",
"Action": [
"iam:ResyncMFADevice",
"iam:EnableMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:DeactivateMFADevice",
"iam:CreateVirtualMFADevice"
],
"Resource": [
"arn:aws:iam::470196620241:user/${aws:username}",
"arn:aws:iam::470196620241:mfa/${aws:username}"
]
},
{
"Sid": "DenyAllWithoutMFA",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "false"
}
}
}
]
}
aws s3 ls
在cli中不使用MFA,但仅当MFA设置为AFAIK时才起作用,不幸的是,这是不可能的,因为控制台和cli使用相同的权限集。相关:和